Security
Software
Necessary

Wednesday, August 20, 2008

milw0rm exploit Explanations - How To Hack websites

by : Mr India

milw0rm exploit Explanations

In this thread i will try to explain exploits posted in milw0rm, i will put dorks of them and will explain how to use that exploits. You may ask abt any exploit here also..

let's start with today's exploit

- VidiScript (Avatar) Remote Arbitrary File Upload Vulnerability
http://www.milw0rm.com/exploits/6259
Author : InjEctOr5

Explanation :~
This exploit says we can upload PHP file instead of image file in vulnerable sites. To do this, we have to register in website and go to profile page and there, we have to upload php shell as avatar and find location of avatar on same page by viewing source code from this directory

site.com/uploads/avatars/

How to find sites which are using that script.
1). Google Dork

"Free Video Script Powered By VidiScript.com"
-with quote

2). Checking Backlinks to the main site
http://www.backlinkwatch.com/?backlinkurl=http://www.vidiscript.com

from checking backlinks. you will find almost all sites which are using that script but it will also return result of sites who have just given link to the site.

Stumble Upon Toolbar

No comments:

Free Web Hosting

Free Web Hosting with Website Builder

Snap Shots

Get Free Shots from Snap.com